双向SSL认证
[英]Two-way mutual SSL authentication
问题描述
I've been tasked with implementing functionality in a Spring Boot REST API to contact another API (XML webservice).
我的任务是在 Spring 启动 REST API 中实现功能以联系另一个 ZDB974238714CA8DE634ACE 网络服务。 The outside API uses two-way SSL authentication.外部API采用双向SSL认证。 I've been given the correct certificate to implement on our side, and I've implemented the Java code.我已经获得了要在我们这边实施的正确证书,并且我已经实施了 Java 代码。 But whenever I run the code I get "Received fatal alert: handshake_failure".但是每当我运行代码时,我都会收到“收到致命警报:handshake_failure”。 I've loaded the jks keystore into the SSLContext like this:我已经将 jks 密钥库加载到 SSLContext 中,如下所示:
FileInputStream truststoreFile = new FileInputStream("/Users/myUser/Desktop/myProject/myProjectName/src/main/resources/keystore-name.jks");
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
char[] trustorePassword = "keyStorePassword".toCharArray();
truststore.load(truststoreFile, trustorePassword);
trustManagerFactory.init(truststore);
SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
KeyManager[] keyManagers = {};//if you have key managers;
sslContext.init(keyManagers, trustManagerFactory.getTrustManagers(), new SecureRandom());
Would I actually have to configure anything else to enable mutual two-way SSL from our API, acting like I client in this scenario?我是否真的需要配置其他任何东西才能从我们的 API 启用双向 SSL,在这种情况下就像我的客户端一样? I thought I could just like the cert keystore and go.我想我可以喜欢证书密钥库和 go。 But maybe I need to do something else to enable this?但也许我需要做其他事情来启用它?
1 个解决方案
解决方案1
0 2021-12-07 21:38:47
You are using the file shared with you in the wrong context.您在错误的上下文中使用了与您共享的文件。 That file is a Keystore containing the client certificate and corresponding key.该文件是包含客户端证书和相应密钥的密钥库。
TrustStore - Tells which CAs should be trusted by the client (you). TrustStore - 告诉客户(您)应该信任哪些 CA。
Keystore - Tells the server about the client (you).密钥库 - 告诉服务器有关客户端(您)的信息。
In order for the mutual TLS handshake to pass through, you need to load the Keystore and set it in KeyManager like below.为了使双向 TLS 握手能够通过,您需要加载 Keystore 并在 KeyManager 中进行设置,如下所示。
// Load the Keystore
KeyStore keyStore = KeyStore.getInstance("JKS");
InputStream keystoreStream = new FileInputStream(pathToJKSFile);
keyStore.load(keystoreStream, keystorePassword.toCharArray());
// Add Keystore to KeyManager
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keystorePassword.toCharArray());
// Create SSLContext with KeyManager and TrustManager
SSLContext context = SSLContext.getInstance("TLS");
context.init(keyManagerFactory.getKeyManagers(), null, new SecureRandom());
SSLSocketFactory sslSocketFactory = context.getSocketFactory();
// Now, use this SSLSocketFactory while making the HTTPS request
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.